Supplier selection & directed-buy (IATF only)
Plain-language summary
Supplier processes get included in your QMS scope where you control them; selection follows a documented process assessing risk, quality, delivery, cost and capability; customer-directed suppliers still get your controls applied.
What the clause is really asking
The selection process must assess supplier risk to product conformity and supply continuity, QMS status, delivery and financial robustness where relevant. Directed-buy sources (customer chooses, you must buy) do not remove your responsibility for receiving controls and monitoring unless the customer explicitly takes it.
What auditors look for
Auditors review selection files for recent new suppliers (risk assessment present? criteria scored?) and probe directed sources: what controls do you still apply, and where did the customer define the split of responsibilities?
Typical evidence
Documented selection process; selection assessments; directed-buy responsibility agreements; receiving controls on directed parts.
How to comply — recommendations
Use a one-page supplier selection scorecard including a risk section. For every directed-buy part, get the responsibility split in writing from the customer — when the directed supplier fails, that paper is your protection.
Common nonconformities
New suppliers onboarded with no documented assessment; directed-buy parts waved through with zero controls; no written responsibility agreement for directed sources.
Related clauses
Builds on ISO 9001 8.4.1
Qlause provides interpretive guidance only and is not a substitute for the standard. Refer to your licensed copy of ISO 9001 / IATF 16949 for the authoritative text.